Long-Range Dependence Analysis of Control and Data Planes Network Traffic

This paper analyzes network traffic behavior using correlation analysis of control and data planes. The Long-Range Dependence behavior (LRD) of the control and data planes traffic is examined on different directions with respect to the enterprise network. The approach is tested on the TCP traffic of the Network Intrusion Dataset provided by the Information Exploration Shootout project. Results show that network attacks in the dataset that affect the aggregate traffic cause the incoming control traffic or the outgoing data traffic to fail to exhibit LRD behavior, whereas the traffic as a whole still exhibits LRD behavior. These two subgroups are the only ones affected, as the attacks in the dataset are carried via the incoming control traffic, and the response to this traffic appears at the outgoing data traffic. These two subgroups have low traffic volume, hence they significantly reduce the amount of traffic analysis. In addition, correlation analysis of control and data planes traffic will enable the detection of abnormal behaviors that might not be detected by previous work that only look at the traffic as a whole. Keywords—Network traffic analysis, correlation analysis, abnormal behavior, long-range dependence, the Optimization Method.